What is the best strategy for Social LinkedIn <-> Security integration?

May 4th, 2012, 08:37 AM

We have been working for some time on getting LinkedIn authorisation working. That is,

- the end user authenticates with LinkedIn
- we don't know (let alone keep) their user id or password
- we keep their LinkedIn unique token on our database
- we can control their access rights using Spring Security.

But the developer has thrown in the towel. His email to me is below.

Is there a current approach to getting this working? Google finds things, but they seem old and complex.

Alternatively, I am thinking we could use the LinkedIn JavaScript on the front end to enable the user to log in. Then we could use the LinkedIn API on the server side to control access to parts of the app.

Help me understand better what it is you're trying to do...your bullet points gave me some idea, but I'm still a bit unclear. To what level are you looking to integrate with Spring Security? Are you looking to do a simple "Sign in With LinkedIn" where you use LinkedIn as the authentication point for your app, but Spring Security for handling authorization? Or is there something else you're expecting?

In the case of "Sign in With LinkedIn", the Spring Social Showcase shows exactly how to do that. I just tried it out with LinkedIn and it's working perfectly. If that's what you're trying to do, you might have a look at that. And, of course, feel free to ask any questions you may have.

Regarding the stability of Spring Social LinkedIn:
- I know of only 1 open bug against the project and it seems unrelated to what you're trying to do. If you're encountering issues, then there's no way I can know to fix them unless someone files a bug in JIRA: https://jira.springsource.org/browse/SOCIALLI. It's good to discuss them in this forum, but it's even better to report them as bugs with enough info to help recreate it (and ultimately fix it).
- The forum post mentioned is from mid-last year--over 9 months ago. There has been a lot of work on Spring Social LinkedIn since then. I'm not saying it's perfect, but again I am only aware of one open bug.
- The bulk of the "sign-in-with" and connection flow code is part of Spring Social's core and web modules and is generic to work with all providers. If this were a serious problem, I'd have been made aware of it from the Facebook and Twitter (and other)-oriented projects out there. I suppose there may be something LinkedIn-specific that's causing trouble, but unless a bug is reported I won't know that it needs to be fixed.

Comment

In terms of what I am trying to do: we want the user to log in via LinkedIn, for LinkedIn to give us their unique id for our app, and then for us to store that unique id so we know when they come back. We want to be able to assign them to some level or group so that we can use Spring Security to give us robust, fine-grained control of their access rights. We don't want to know anything about user ids on our side; that is what LinkedIn is for.

In terms of the stability, if you say it's good then I take it without question. It is just I have had 3 independent contractors tell me they have had real problems. It may say something about them of course, but they are the best I can find - which might reflect the bigger problems I have of getting contractors in this space.

I will review the SS showcase again and revert. If we run into a problem we will have more confidence to raise a JIRA, although for a beginner like me that feels like telling Rafael Nadal he has a slight flaw in his backhand.

Thanks again.

Greg

Comment

It sounds like you want to use Spring Social's ProviderSignInController along with Spring Social LinkedIn. It should be able to do exactly what it is you described. And again, the Spring Social Showcase sample (https://github.com/SpringSource/spri...ocial-showcase) demonstrates exactly that (plus some other stuff). Also note that unless you pulled the showcase in the last couple of minutes, there was a build problem that has since been resolved. You might do another "git pull" to make sure you have the latest stuff.

I feel that the LinkedIn module is good. I won't claim perfection, but I've had little trouble with it. Again, the showcase sample exercises some of it and I've independently verified a great deal of it. But be aware that the bulk of the API binding was contributed by a community member and although I've done some testing with it, most of it is not *my* code. I do believe the community member did a good job and my testing has confirmed that...but I also acknowledge that there may be uncovered bugs.

If you find something out of place, *please* let me know so I can fix it. Keeping a community mindset, I'd much rather someone tell me where the problems are and give me a chance to correct them than to have them speak ill of the project without contributing constructive feedback.

Comment
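The arrangement discussed in the posts above (LinkedIn authenticates, the application stores only the LinkedIn member id, Spring Security authorizes) maps onto Spring Social's `ConnectionSignUp` and `SignInAdapter` interfaces. The following is an added example, not code from the showcase or from any poster; the class name, the in-memory role map (standing in for a database table) and the `linkedin:<memberId>` user-id format are assumptions.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionSignUp;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.web.context.request.NativeWebRequest;

/** Hypothetical glue class: LinkedIn authenticates, the application decides the roles. */
public class LinkedInSignIn implements ConnectionSignUp, SignInAdapter {

    // Stand-in for a database table keyed by local user id (assumed format "linkedin:<memberId>").
    private final Map<String, String[]> rolesByUserId = new ConcurrentHashMap<String, String[]>();

    /** Called by the users connection repository the first time an unknown member signs in. */
    @Override
    public String execute(Connection<?> connection) {
        // The member id comes from the completed OAuth exchange, never from a request parameter.
        String userId = connection.getKey().getProviderId() + ":" + connection.getKey().getProviderUserId();
        rolesByUserId.putIfAbsent(userId, new String[] { "ROLE_USER" }); // least privilege by default
        return userId;
    }

    /** Called by ProviderSignInController once the connection is matched to a local user id. */
    @Override
    public String signIn(String userId, Connection<?> connection, NativeWebRequest request) {
        String[] roles = rolesByUserId.get(userId);
        if (roles == null) {
            roles = new String[0]; // unknown id: signed in, but holds no authorities
        }
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(roles);
        // No password is stored or checked by the application; credentials stay null.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(userId, null, authorities));
        return null; // null lets ProviderSignInController redirect to its configured post-sign-in URL
    }

    /** Administrative hook (hypothetical) to move a member to another level or group. */
    public void assignRoles(String userId, String... roles) {
        rolesByUserId.put(userId, roles.clone());
    }
}
```

Register the same bean as the `SignInAdapter` passed to `ProviderSignInController` and as the `ConnectionSignUp` on the users connection repository; Spring Security's URL and method rules then work against the granted roles as usual.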

I'm sure it's do-able, but unless I set aside some time to try it I can't be certain what the precise steps are.

I know you'll want the stuff in SocialConfig.java. Roo projects use Spring's XML configuration, but you can mix-n-match. Just make sure that SocialConfig is loaded as a bean and I think it will work fine. You'll also want the views under src/main/webapp/WEB-INF/views/connect (or some equivalent to them). And there's likely something I'm missing...but without going through the steps myself I can't say for sure.

The best approach here is not to simply copy-n-paste into a different project, but to understand the parts that you are copying and what they do. That way if you miss something you'll have a good idea of how to address any errors that come up. For that, the Spring Social reference document should help. Of course, you're welcome to ask here in the forums if you get stuck.

Comment

I've seriously considered a Spring Social plugin for Roo, but haven't had the time to work on it. It'd be a nice thing to have, no doubt. I think it would need to be well thought out so that you could issue a Roo command that might ask you for your provider credentials (e.g., Facebook/LinkedIn/Twitter API key and secret) and then add/modify the appropriate beans to support connecting with that provider. For example, you might have a command like this:

Code:

roo> social facebook --key myAppsAPIKey --secret myAppsSecret

And likewise, similar commands for other providers. Of course, the selection of providers would be limited to what the plugin knows about, but it'd still be a good start.

The first time one of these commands is run, it'd setup everything; connection factory locator, the provider-specific connection factory, the connection repositories, ConnectController (and ProviderSignInController as an option), and some basic JSP views for the connection statuses. Any followup commands for other providers would simply add another connection factory to the connection factory locator.

As I write that, it sounds simple enough to do. It's not currently on the roadmap so there's no timing of when this might be available...but I've gone ahead and created https://jira.springsource.org/browse/SOCIALFB-86. I'm terribly interested in seeing something like this happen, so if someone else out there wants to give it a shot and contribute it, I'll be quick to review your work and get it in ASAP. If there are no takers, then I might tinker with it in my spare time (which is really nonexistent at the moment).

Comment

As we work through doing what you describe by hand we will keep a log of issues and design decisions taken. If we get to the end and someone who knows what they are talking about has not stepped in I will post them for your review before trying to wrap into a plugin.

Comment

I'm the person who contributed the code to integrate Spring Social with LinkedIn. Unfortunately I don't check in here very often as it was a community contribution, rather than I work for SpringSource, and I'm snowed under with a client project at the moment.

Not sure where you are with this at the moment. All my work was contributed late 2011 so well after that thread. The code was quite light around when the thread was written as Facebook seemed to be the priority for SpringSource. Most of my contribution was around mapping the LinkedIn API calls to Spring rather than the OAuth (login) part, which was already done and working well.

I see you're using Spring Roo as well, which I ended up steering away from. At the time I found it too difficult to do anything outside the norm (i.e. Spring Social) with it. It adds a layer of abstraction to the developer and thus ended up frustrating me more than anything. This is not to say I'm critical of Roo, just that it was another thing to get my head around when I'm used to working at a lower, more direct level.

To be honest if all you're doing is using the login with LinkedIn button then the spring-social-linkedin API is possibly way overkill for you. You can easily do this with their JavaScript widget at https://developer.linkedin.com/documents/sign-linkedin then pass the id back to your current auth system.

I'll try to check in over the next couple of weeks to see how you're getting on.

Comment

Have a virtually working Spring Social Showcase in a Roo project and a shell of a Plugin. I will post to github after this 4 day weekend in London - cue trumpets - "....long may she reign over us...."

To be honest if all you're doing is using the login with LinkedIn button then the spring-social-linkedin API is possibly way overkill for you. You can easily do this with their JavaScript widget at https://developer.linkedin.com/documents/sign-linkedin then pass the id back to your current auth system.

Really good idea. I am seeing the Roo Social Plugin offer a number of implementation use cases, and this is a really good one. If you post the "easy" code I would include it as an option in what I do for the plugin.